class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  
  # before_filter :authorize
  protect_from_forgery with: :exception

  private
  def current_cart
    # Cart.find(session[:cart_id])
  #   Cart.find_by_user_id(session[:user_id])
  # rescue ActiveRecord::RecordNotFound
  #   cart = Cart.create(:user_id =>session[:user_id])
  #   session[:cart_id] = cart.id
  #   cart
  if cart=Cart.find_by_user_id(session[:user_id])
      cart
  else
    cart = Cart.create(:user_id =>session[:user_id])
    session[:cart_id] = cart.id
    cart
  end
  
  end
  
  protected

    def authorize_user
      unless User.find_by_id(session[:user_id])
        redirect_to login_url, :notice => "请登录"
      end
    end
    
    def authorize_admin
      unless Admin.find_by_id(session[:admin_id])
        redirect_to store_url,:notice => "页面找不到"
      end
    end
    
end
